AIP Scanner Database Service Account Error

Jacob Ellis 66 Reputation points
2022-07-12T15:56:08.373+00:00

Hello,

I have run through all the Prereqs for the AIP Scanner install and have installed the scanner quite a few times. I have registered the app and am able to see the server in the nodes. I see the DB in the SQL instance and have verified the permissions for the service account. However:

When I run AIPScannerStatus:

219947-image.png

When I run ScannerDiagnostics:

219991-image.png

There seems to be some disconnect between the service account and DB, I have verified all permissions etc.

Azure Information Protection
Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.
555 questions
Microsoft Purview
Microsoft Purview
A Microsoft data governance service that helps manage and govern on-premises, multicloud, and software-as-a-service data. Previously known as Azure Purview.
1,383 questions
0 comments No comments
{count} votes

Accepted answer
  1. Givary-MSFT 35,216 Reputation points Microsoft Employee
    2022-07-13T06:00:11.063+00:00

    @JacobEllis-2694

    Thank you for reaching out to us. As I understand you are configuring AIP scanner configuration during the process encountering database errors.

    Would like to understand is this a new setup ?

    Have you used an account with Sysadmin role to install the scanner - Sysadmin role enables the installation process to automatically create the scanner configuration database and grant the required db_owner role to the service account that runs the scanner.

    Accounts and Permissions - https://techcommunity.microsoft.com/t5/security-compliance-and-identity/best-practices-for-deploying-and-using-the-aip-ul-scanner/ba-p/1878168#:~:text=mileage%20might%20vary.-,Accounts%20and%20permissions,-Depending%20on%20your

    Please help me with the scanner logs

    If you log on to the server as the scanner account, use option one. Otherwise use the second option.

    1. Log into the AIP Scanner server and navigate to %localappdata%\Microsoft\MSIP. Zip up the MSIP directory including subdirectories.
    2. Navigate to C:\Users, find the AIP Scanner account directory, and zip the C:\username\localappdata\Microsoft\MSIP directory, including subdirectories.

    Also did you perform SQL connectivity test, you can simply perform an UDL test.

    Let me know if you have any further questions.


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.